locked
WSS 3.0 remote integrated authentication for clients failing, always prompted for authentication RRS feed

  • Question

  • I am working on building a DEV environment for an application that requires WSS 3.0.

    Servers

    • UserClient [Windows 7 domain-joined]
    • SP_Server [Windows Server 2008, domain-joined]

    Domain Account

    • SP_Service_Account [domain-joined]
    • TestUser [domain-joined]

    These accounts and machines are domain joined to a Windows AD domain Example.com

    I installed WSS 3.0 SP3 on SP_Server, I then changed the application pool in IIS to run under SP_Service_Account under classic mode, and granted the SP_Service_Account user full permission on the local Windows Internal Database.

    I validated that SP_Server has the servicePrincipalName Host/SP_Server & Host/SP_Server.example.com

    I registered the SPNs on the SP_Service_Account with HTTP/SP_Server & HTTP/SP_Server.example.com

    I added http://SP_Server and http://SP_Server.example.com to both the sharepoint server and UserClient IE local intranet zones and validated that integrated authentication is checked.

    I validated that Delegated Authentication is on for both the SP_Service_Account & SP_Server.

    This is what currently happens:

    1. Login to SP_Server with TestUser account, and can successfully get to Http://SP_Server & http://SP_Server.example.com with integrated authentication
    2. Login to UserClient with TestUser account, will get continuous authentication prompt while trying to login to http://SP_Server and http://SP_Server.example.com

    I can't seem to find anything in the logs or event viewer to indicate what the problem is. It seems I can't login from a remote server, and even if I put in the correct credentials it still prompts and fails. The only hint I've found is that I get a "Audit Failure" on the SP_Server that says "Unknown user name or bad password" coming from the "TestClient", but how can that be when i'm logged in as the TestUser?




    Wednesday, March 13, 2013 3:44 PM

Answers

  • I ended up finding the solution to my problem.

    The issue was that I needed to set the "useAppPoolCredentials" as described in this blog post TechNet

    Thanks again for your help

    Thursday, March 14, 2013 2:18 PM

All replies

  • Hi,

    Thank you for your question. I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. Thank you for your understanding and support.

    Thanks,

    Entan Ming

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contacttnmff@microsoft.com.


    Entan Ming
    TechNet Community Support

    Thursday, March 14, 2013 6:14 AM
    Moderator
  • I ended up finding the solution to my problem.

    The issue was that I needed to set the "useAppPoolCredentials" as described in this blog post TechNet

    Thanks again for your help

    Thursday, March 14, 2013 2:18 PM